arno/hashcat
1
0
Fork 0
mirror of https://github.com/hashcat/hashcat.git synced 2025-06-21 15:39:03 +00:00
Code Issues Releases Wiki Activity

In -m 12700 and -m 15200 decrypt 48 byte of data instead of just 16 byte

Browse Source
This commit is contained in:
Jens Steube 2019-12-13 13:19:58 +01:00
parent 3a610efec6
commit 40a5835927
3 changed files with 61 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
OpenCL/m12700-pure.cl
View File

@ -28,6 +28,20 @@ typedef struct mywallet_tmp
} mywallet_tmp_t; } mywallet_tmp_t;
DECLSPEC int is_valid_char (const u32 v)
{
if ((v & 0xff000000) < 0x09000000) return 0;
if ((v & 0xff000000) > 0x7e000000) return 0;
if ((v & 0x00ff0000) < 0x00090000) return 0;
if ((v & 0x00ff0000) > 0x007e0000) return 0;
if ((v & 0x0000ff00) < 0x00000900) return 0;
if ((v & 0x0000ff00) > 0x00007e00) return 0;
if ((v & 0x000000ff) < 0x00000009) return 0;
if ((v & 0x000000ff) > 0x0000007e) return 0;
return 1;
}
DECLSPEC void hmac_sha1_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest) DECLSPEC void hmac_sha1_run_V (u32x *w0, u32x *w1, u32x *w2, u32x *w3, u32x *ipad, u32x *opad, u32x *digest)
{ {
digest[0] = ipad[0]; digest[0] = ipad[0];
@ -318,40 +332,48 @@ KERNEL_FQ void m12700_comp (KERN_ATTR_TMPS (mywallet_tmp_t))
AES256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3); AES256_set_decrypt_key (ks, ukey, s_te0, s_te1, s_te2, s_te3, s_td0, s_td1, s_td2, s_td3);
u32 data[4]; u32 iv[4];
data[0] = salt_bufs[salt_pos].salt_buf[4]; iv[0] = salt_bufs[salt_pos].salt_buf[0];
data[1] = salt_bufs[salt_pos].salt_buf[5]; iv[1] = salt_bufs[salt_pos].salt_buf[1];
data[2] = salt_bufs[salt_pos].salt_buf[6]; iv[2] = salt_bufs[salt_pos].salt_buf[2];
data[3] = salt_bufs[salt_pos].salt_buf[7]; iv[3] = salt_bufs[salt_pos].salt_buf[3];
u32 out[4];
AES256_decrypt (ks, data, out, s_td0, s_td1, s_td2, s_td3, s_td4);
// decrypted data should be a JSON string consisting only of ASCII chars (0x09-0x7e) // decrypted data should be a JSON string consisting only of ASCII chars (0x09-0x7e)
for (u32 i = 0; i < 4; i++) for (u32 i = 4; i < 12; i += 4)
{ {
out[i] ^= salt_bufs[salt_pos].salt_buf[i]; u32 data[4];
if ((out[i] & 0xff000000) < 0x09000000) return; data[0] = salt_bufs[salt_pos].salt_buf[i + 0];
if ((out[i] & 0xff000000) > 0x7e000000) return; data[1] = salt_bufs[salt_pos].salt_buf[i + 1];
data[2] = salt_bufs[salt_pos].salt_buf[i + 2];
data[3] = salt_bufs[salt_pos].salt_buf[i + 3];
if ((out[i] & 0x00ff0000) < 0x00090000) return; u32 out[4];
if ((out[i] & 0x00ff0000) > 0x007e0000) return;
if ((out[i] & 0x0000ff00) < 0x00000900) return; AES256_decrypt (ks, data, out, s_td0, s_td1, s_td2, s_td3, s_td4);
if ((out[i] & 0x0000ff00) > 0x00007e00) return;
if ((out[i] & 0x000000ff) < 0x00000009) return; out[0] ^= iv[0];
if ((out[i] & 0x000000ff) > 0x0000007e) return; out[1] ^= iv[1];
out[2] ^= iv[2];
out[3] ^= iv[3];
if (is_valid_char (out[0]) == 0) return;
if (is_valid_char (out[1]) == 0) return;
if (is_valid_char (out[2]) == 0) return;
if (is_valid_char (out[3]) == 0) return;
iv[0] = data[0];
iv[1] = data[1];
iv[2] = data[2];
iv[3] = data[3];
} }
const u32 r0 = data[0]; const u32 r0 = salt_bufs[salt_pos].salt_buf[4];
const u32 r1 = data[1]; const u32 r1 = salt_bufs[salt_pos].salt_buf[5];
const u32 r2 = data[2]; const u32 r2 = salt_bufs[salt_pos].salt_buf[6];
const u32 r3 = data[3]; const u32 r3 = salt_bufs[salt_pos].salt_buf[7];
#define il_pos 0 #define il_pos 0

29
src/modules/module_12700.c
View File

@ -93,7 +93,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH token.attr[1] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_DIGIT; | TOKEN_ATTR_VERIFY_DIGIT;
token.len_min[2] = 64; token.len_min[2] = 144;
token.len_max[2] = 65536; token.len_max[2] = 65536;
token.sep[2] = '$'; token.sep[2] = '$';
token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH token.attr[2] = TOKEN_ATTR_VERIFY_LENGTH
@ -109,29 +109,16 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
const u8 *salt_pos = token.buf[2]; const u8 *salt_pos = token.buf[2];
salt->salt_buf[0] = hex_to_u32 (salt_pos + 0); // first 16 byte are IV
salt->salt_buf[1] = hex_to_u32 (salt_pos + 8);
salt->salt_buf[2] = hex_to_u32 (salt_pos + 16);
salt->salt_buf[3] = hex_to_u32 (salt_pos + 24);
salt->salt_buf[0] = byte_swap_32 (salt->salt_buf[0]); for (int i = 0, j = 0; i < 16; i += 1, j += 8)
salt->salt_buf[1] = byte_swap_32 (salt->salt_buf[1]); {
salt->salt_buf[2] = byte_swap_32 (salt->salt_buf[2]); salt->salt_buf[i] = hex_to_u32 (salt_pos + j);
salt->salt_buf[3] = byte_swap_32 (salt->salt_buf[3]);
// this is actually the CT, which is also the hash later (if matched) salt->salt_buf[i] = byte_swap_32 (salt->salt_buf[i]);
}
salt->salt_buf[4] = hex_to_u32 (salt_pos + 32); salt->salt_len = 64;
salt->salt_buf[5] = hex_to_u32 (salt_pos + 40);
salt->salt_buf[6] = hex_to_u32 (salt_pos + 48);
salt->salt_buf[7] = hex_to_u32 (salt_pos + 56);
salt->salt_buf[4] = byte_swap_32 (salt->salt_buf[4]);
salt->salt_buf[5] = byte_swap_32 (salt->salt_buf[5]);
salt->salt_buf[6] = byte_swap_32 (salt->salt_buf[6]);
salt->salt_buf[7] = byte_swap_32 (salt->salt_buf[7]);
salt->salt_len = 32; // note we need to fix this to 16 in kernel
salt->salt_iter = ROUNDS_MYWALLET - 1; salt->salt_iter = ROUNDS_MYWALLET - 1;

29
src/modules/module_15200.c
View File

@ -98,7 +98,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
| TOKEN_ATTR_VERIFY_DIGIT; | TOKEN_ATTR_VERIFY_DIGIT;
token.sep[3] = '$'; token.sep[3] = '$';
token.len_min[3] = 64; token.len_min[3] = 144;
token.len_max[3] = 999999; token.len_max[3] = 999999;
token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH token.attr[3] = TOKEN_ATTR_VERIFY_LENGTH
| TOKEN_ATTR_VERIFY_HEX; | TOKEN_ATTR_VERIFY_HEX;
@ -119,29 +119,16 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
const u8 *data_pos = token.buf[3]; const u8 *data_pos = token.buf[3];
salt->salt_buf[0] = hex_to_u32 ((const u8 *) &data_pos[ 0]); // first 16 byte are IV
salt->salt_buf[1] = hex_to_u32 ((const u8 *) &data_pos[ 8]);
salt->salt_buf[2] = hex_to_u32 ((const u8 *) &data_pos[16]);
salt->salt_buf[3] = hex_to_u32 ((const u8 *) &data_pos[24]);
salt->salt_buf[0] = byte_swap_32 (salt->salt_buf[0]); for (int i = 0, j = 0; i < 16; i += 1, j += 8)
salt->salt_buf[1] = byte_swap_32 (salt->salt_buf[1]); {
salt->salt_buf[2] = byte_swap_32 (salt->salt_buf[2]); salt->salt_buf[i] = hex_to_u32 (data_pos + j);
salt->salt_buf[3] = byte_swap_32 (salt->salt_buf[3]);
// this is actually the CT, which is also the hash later (if matched) salt->salt_buf[i] = byte_swap_32 (salt->salt_buf[i]);
}
salt->salt_buf[4] = hex_to_u32 ((const u8 *) &data_pos[32]); salt->salt_len = 64;
salt->salt_buf[5] = hex_to_u32 ((const u8 *) &data_pos[40]);
salt->salt_buf[6] = hex_to_u32 ((const u8 *) &data_pos[48]);
salt->salt_buf[7] = hex_to_u32 ((const u8 *) &data_pos[56]);
salt->salt_buf[4] = byte_swap_32 (salt->salt_buf[4]);
salt->salt_buf[5] = byte_swap_32 (salt->salt_buf[5]);
salt->salt_buf[6] = byte_swap_32 (salt->salt_buf[6]);
salt->salt_buf[7] = byte_swap_32 (salt->salt_buf[7]);
salt->salt_len = 32; // note we need to fix this to 16 in kernel
// hash // hash